Certification Policy Statements

Content

BSI wants to inform members of the German certification scheme and users to be up to date regarding the national certification policy.

Position Statement regarding the SOG-ISMRA in the context of the revised CCRA (July 2015)

The German Common Criteria Certification Scheme of the Federal Office for Information Security (BSI), considering the ratification of the revised CCRA has determined their policy how to use collaborative Protection profiles (cPPs) in their scheme in relation to the national and European context. International mutual recognition of certificates under the terms of CCRA is based on evaluations that claim compliance to cPPs or Evaluation Assurance Levels 1 through 2. Members of SOGIS-MRA mutually recognise certificates up to and including Evaluation Assurance Level 4 or higher for defined Technical Domains.

The role of SOG-ISMRA in the context of the EU

National competent authorities are collaborating within SOG-ISMRA at European level. Hence, SOG-ISMRA is the single point of contact for all stakeholders including the Commission when it comes to IT security product certification. This group provides a neutral and objective platform to address todays trust challenge in a pragmatic, result-oriented manner. SOG-ISMRA particularly promotes so-called recommended Protection Profiles that are of interest to all members and might possibly be EU mandated. They are harmonised by all members following an endorsement procedure and therefore sustainably enforce the trust in the digital society and economy.

High assurance certification

IT-security of products is essential in building the trust of citizens, businesses and administrations in the digital society, in particular while protection of privacy online has become a growing concern in the EU. Several EU legislations now mandate high assurance IT security product certification. The supporting PPs are developed by European Standardisation Organisations or other bodies, published as SOG-ISMRA recommended, and applied by SOG-ISMRA member schemes.
While the CCRA focuses on evaluations being fully comparable and repeatable, the SOG-ISMRA acknowledges that especially for the higher assurance levels, more evaluation effort is necessary that maximises the use of the evaluator’s skills and capabilities. This sound expertise and experience within certain product categories/technical domains is established in cooperation with industry in technical working groups and is regularly proven by a thorough and technical assessment between the SOG-ISMRA members.
Compared to the CCRA, SOG-ISMRA allows mutual recognition of a larger range of assurance levels, allowing industry to seek a certificate recognised by several countries, and at the same time achieving, when necessary, a medium or even high assurance level. SOG-ISMRA is therefore beneficial to international trade, not only for EU industry but also for non-EU product providers.

Conclusion

BSI will make use of international collaborative Protection Profiles as far as they fulfill the specific needs of National stakeholders or the European Community (governments, market and industry). This could imply that additional security functionality may be required and adjustments for higher assurance levels are needed.
Under the revised CCRA, certificates can only be issued against cPPs if the product exactly conforms to the security requirements as stated in the cPP, according to annex K.3 of the CCRA. This means a certificate issued under the CCRA cannot claim additional security functionality, or higher assurance components. In these cases BSI will issue two certificates based on a single evaluation for a compliant product where one will be CCRAcPP compliant and the other SOG-ISMRA compliant including the additional security requirements.
For non-cPP compliant evaluations, BSI will continue, as before and in compliance with the SOG-ISMRA, to issue certificates beyond EAL2 as appropriate and to recognise certificates at the EAL4 level, or higher for specific technical domains. Those certificates will be mutually recognised by the CCRA nations up to EAL2. If regulatory security requirements or similar strong reasons demand according assurance levels, BSI also issues certificates beyond international mutual recognition.

Certification of Operating Systems (May 2014)

BSI continues its work on a Protection Profile for operating systems running on server and desktop systems. This and the accompanying extended packages are subject to a international working group. The goal is to enable product assurance according to the security needs of the markets. The assurance results from the operational environment of the systems and the need for protection of the data being processed. Operating systems are baseline technology, partly being used in sensitive areas. BSI recommends usage of appropriately certified operating systems specifically in those areas.
It is currently recommended to use the stable version 2.0 of the OS-PP. A first draft of the new version under development can be found under Collaborative Protection Profiles. In case you have interest in actively participating, please contact zertifizierung@bsi.bund.de.